Linuxcontainers

Incus

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-33898

  • EPSS 0.02%
  • Veröffentlicht 26.03.2026 23:25:45
  • Zuletzt bearbeitet 01.04.2026 16:09:31

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web serve...

9.9

CVE-2026-33897

  • EPSS 0.02%
  • Veröffentlicht 26.03.2026 22:43:31
  • Zuletzt bearbeitet 30.03.2026 18:55:33

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used a...

6.5

CVE-2026-33743

Exploit
  • EPSS 0.05%
  • Veröffentlicht 26.03.2026 22:40:07
  • Zuletzt bearbeitet 30.03.2026 18:54:51

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can...

7.8

CVE-2026-33711

Exploit
  • EPSS 0.01%
  • Veröffentlicht 26.03.2026 22:37:29
  • Zuletzt bearbeitet 30.03.2026 18:51:41

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deleti...

4.8

CVE-2026-33542

Exploit
  • EPSS 0.04%
  • Veröffentlicht 26.03.2026 22:32:13
  • Zuletzt bearbeitet 30.03.2026 18:48:50

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstan...

8.7

CVE-2026-23954

Exploit
  • EPSS 0.05%
  • Veröffentlicht 22.01.2026 21:45:55
  • Zuletzt bearbeitet 30.01.2026 17:28:49

Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templat...

8.7

CVE-2026-23953

Exploit
  • EPSS 0.02%
  • Veröffentlicht 22.01.2026 21:39:41
  • Zuletzt bearbeitet 30.01.2026 17:28:45

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing ne...

7.8

CVE-2025-64507

Exploit
  • EPSS 0.03%
  • Veröffentlicht 10.11.2025 21:56:26
  • Zuletzt bearbeitet 29.12.2025 16:29:38

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume tha...